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DETAILED ACTION 

1 . This office action is in reply to an amendment after a non-final 
rejection filed on June 29, 2007. Claims 13 and 34 are canceled. 
Thus claims 1-12, 14-33 and 35 are pending/ examined. 
Every independent claim 1, 14, 15, 17, 23 and 35 is 
amended. 

2. The amendment made to the respective independent claims overcomes 
the 101 rejection set forth in the previous office action. Thus the previous 
101 rejection set forth in the previous office action is withdrawn. 

Response to Arguments 

3. Applicant's arguments filed on June 29, 2007 have been fully considered 
but are moot in view of the new ground(s) of rejection. 

Priority 

4. Receipt is acknowledged of papers submitted under 35 U.S.C. 1 19 (a)-(d), 
which papers have been placed of record in the file 

Claim Rejections - 35 USC § 102 
6- Cjalm , 15 , is rejected under 35 U.S.C. 102(e) as being anticipated by 
England et al. (hereinafter referred as England) (U.S. Patent No: 6, 
327,652 Bl) (Filed on Jan 8, 1999), which Claims Priority from 
Provisional Application No 60,105,891 filed on October 26, 1998) 
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7. 




.England discloses a method of 



validating the performance of an entity in a first computing 
environment [Column 9, lines 65-column 10, lines 3] (The content 
provider 220 examines the CPU certificate 202, the DRMOS identity 206, 
and the properties specified in the rights manager certificate 210 to 
determine whether it should establish a trust relationship with the DRMOS 
205 on the subscriber computer 200/ entity in a first computing 
environment)., comprising 

issuing a first challenge to determine if a computing environment of 
the entity is trustworthy and to determine the integrity of an 
application run in the entity's computing environment if the entity 
is determined to be trustworthy, [Column 9, line 45-lines 51 and 
column 9, lines 65-column 10, lines 3; column 9, lines 27-29] (The 
content provider 220 transmits a challenge message 4 to the DRMOS 205 
asking for the identity of the CPU 201, the DRMOS 205, and the 
application 209. The DRMOS 205 transmits a response message 5 
containing a certificate 202 for the CPU 201, its own identity 206, and the 
rights manager certificate 210 for the application 2 09. Furthermore on 
column 9, lines 65-column 10, lines 3, the following has been disclosed. 
"The certificate 202 is signed using the private key of the CPU 201. The 
content provider 220 examines the CPU certificate 202, the DRMOS 
identity 206, and the properties specified in the rights manager certificate 
210 to determine whether it should establish a trust relationship with the 
DRMOS 205 on the subscriber computer 200. " Note that as it is described 
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on column 9, lines 27-29, certificate 210 identifies the trusted application) 
and 

allowing the entity access to the first computing environment based 
on a response to the challenge received from the entity. [Column 9, 
lines 65-column 10, lines 3] (The certificate 202 is signed using the 
private key of the CPU 201. The content provider 220 examines the CPU 
certificate 202, the DRMOS identity 206, and the properties specified in the 
rights manager certificate 210 to determine whether it should establish a 
trust relationship with the DRMOS 205 on the subscriber computer 200.) 

Claim Rejections - 35 USC § 103 



9. Claims 1-12. 14. 16-33 and 35 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over the publication with the title "Building A 
Foundation of Trust in the PC" (The Trusted Computing Platform 
Alliance) (hereinafter refereed as Trusted Computing) (Printed 
publication date: January, 2000) (Submitted with IDS) in view of England 
et al. (hereinafter referred as England) (U.S. Patent No: 6, 327,652 Bl) 
(Filed on Jan 8, 1999), which Claims Priority from Provisional Application 
No 60,105,891 filed on October 26, 1998) 



10. As per independent claims 1. 14. 17. 23 and 35 Trusted Computing 
discloses a method of validating the performance of a participant in 
an interactive computing environment, [See page 5, under the title 
"Remote Attestation up to page 6, first paragraph] comprising: 



Application/Control Number: 10/632,135 Page 5 

Art Unit: 2132 

Issuing a first challenge to a participant's computing device; 
receiving a first response from the participant's computing device in 
response to the first challenge; determining whether the 
participant's computing device is trustworthy, based on the first 
response; [See page 5, under the title "Remote Attestation, up to page 6, 
first paragraph] ("TCPA remote attestation allows an application (the 
"challenger") to trust a remote platform. This trust is built by 
obtaining integrity metrics for the remote platform, securely storing these 
metrics and then ensuring that the reporting of the metrics is secure. For 
example, before making content available to a subscriber, it is likely that a 
service provider will need to know that the remote platform is 
trustworthy. The service provider's platform (the "challenger") queries " 
the remote platform, meets the limitation "issuing a first challenge to a 
participant's computing device to determine whether the 
participant's computing device is trustworthy," During system boot, 
the challenged platform creates a cryptographic hash of the system BIOS, 
using an algorithm to create a statistically unique identifier for the 
platform. The integrity metrics are then stored. When it receives the query 
from the challenger, the remote platform responds by digitally 
signing and then sending the integrity metrics. The digital signature 
prevents tampering and allows the challenger to verify the signature. If 
the signature is verified, the challenger can then determine whether the 
identity metrics are trustworthy meets the limitation of "determining 
whether or not the participant's computing device is trustworthy" 
If so, the challenger, in this case the service provider, can then 
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deliver the content. It is important to note that the TCPA process does not 
make judgments regarding the integrity metrics. It merely reports the 
metrics and lets the challenger make the final decision regarding the 
trustworthiness of the remote platform.) 
Trusted Computing is silent on, 

• issuing a second challenge to the participant's computing device if 
the participant's computing device is determined to be trustworthy; 
receiving a second response from the participant's computing device in 
response to the second challenge; testing the integrity of an application 
running on the participant's computing device based on the received 
second response; allowing the participant's computing device access to a 
computing environment based on the test results . 

• However, in the same field of endeavor England, on Column 9, 
line 45-lines 51 and column 9, lines 65-column 10, lines 3; column 9, 
lines 27-29 discloses the following which meets the above limitation. 
First on column 9, lines 45-lines 51 the following has been 
disclosed. The content provider 220 transmits a challenge message 4 to 
the DRMOS 205 asking for the identity of the CPU 201, the DRMOS 205, 
and the application 209 and this meets the limitation recited as "issuing 
a second challenge to the participant s computing device if the 
participant's computing device is determined to be trustworthy" because 
all subscribers shown on figure 2, ref. Num "200" provides some 
information to content providers shown on figure 2, ref. Num 220, before 
they receive any challenge from the content providers that will qualify 
them to be trustworthy; Furthermore The DRMOS 205 transmits a 
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response message 5 containing a certificate 202 for the CPU 201, its own 
identity 206, and the rights manager certificate 210 for the application 
209. Furthermore on column 9, lines 65-column 10, lines 3, the following 
has been disclosed. "The certificate 202 is signed using the private key of 
the CPU 201. The content provider 220 examines the CPU certificate 202, 
the DRMOS identity 206, and the properties specified in the rights 
manager certificate 210 to determine whether it should establish a trust 
relationship with the DRMOS 205 on the subscriber computer 200. " Note 
that as it is described on column 9, lines 27-29, certificate 210 identifies 
the trusted application) 

It would have been obvious to one having ordinary skill in the art, at the 
time the invention was made, to employ the teachings of England such 
as issuing a second challenge to the participant's computing device if the 
participant's computing device is determined to be trustworthy; receiving 
a second response from the participant's computing device in response to 
the second challenge; testing the integrity of an application running on 
the participant's computing device based on the received second 
response; allowing the participant's computing device access to a 
computing environment based on the test results within the method of 
Trusted Computing for the purpose of creating more secure, 
comprehensive, software identification method that enforces digital 
rights. [See "England", column 1, lines 21-23] 
1 1 . As per claims 2-4. 18-20 and 24-26. the combination of T rusted 
Computing and England discloses a method as applied to claims 
above. Furthermore England discloses a method, in which the 
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second challenge tests for modification of the application. [Column 
9, line 45-lines 51 and column 9, lines 65-column 10, lines 3; column 9, 
lines 27-29] (England, on Column 9, line 45-lines 51 and column 9, lines 
65-column 10, lines 3; column 9, lines 27-29 discloses the following 
which meets the above limitation. First on column 9, lines 45-lines 
51 the following has been disclosed. The content provider 220 
transmits a challenge message 4 to the DRMOS 205 asking for the identity 
of the CPU 201, the DRMOS 205, and the application 209 and this meets 
the limitation recited as "issuing a second challenge to the participant's 
computing device if the participant's computing device is determined to be 
trustworthy" because all subscribers shown on figure 2, ref. Num "200" 
provides some information to content providers shown on figure 2, ref. Num 
220, before they receive any challenge from the content providers that will 
qualify them to be trustworthy"; Furthermore The DRMOS 205 transmits a 
response message 5 containing a certificate 202 for the CPU 201, its own 
identity 206, and the rights manager certificate 210 for the application 
209. Furthermore on column 9, lines 65-column 10, lines 3, the following 
has been disclosed. "The certificate 202 is signed using the private key of 
the CPU 201. The content provider 220 examines the CPU certificate 202, 
the DRMOS identity 206, and the properties specified in the rights 
manager certificate 210 to determine whether it should establish a trust 
relationship with the DRMOS 205 on the subscriber computer 200. " Note 
that as it is described on column 9, lines 27-29, certificate 210 identifies 
the trusted application) 



Application/Control Number: 10/632,135 Page 9 

Art Unit: 2132 

12. As per claims 5-10, 21-22 and 27-28 the combination of Trusted 
Computing and England discloses a method as applied to claims 
above. Furthermore Trusted Computing discloses a method, in 
which in the first challenge the trustworthiness of the BIOS is 
validated, [See page 5, under the title "Remote Attestation, up to page 6, 
first paragraph] ("TCPA remote attestation allows an application (the 
"challenger") to trust a remote platform. This trust is built by 
obtaining integrity metrics for the remote platform, securely storing these 
metrics and then ensuring that the reporting of the metrics is secure. For 
example, before making content available to a subscriber, it is likely that a 
service provider will need to know that the remote platform is 
trustworthy. The service provider's platform (the "challenger") queries " 
the remote platform, meets the limitation "issuing a first challenge to a 
participant's computing device to determine whether the 
participant's computing device is trustworthy," During system boot, 
the challenged platform creates a cryptographic hash of the system BIOS, 
using an algorithm to create a statistically unique identifier for the 
platform. The integrity metrics are then stored. When it receives the query 
from the challenger, the remote platform responds by digitally 
signing and then sending the integrity metrics. The digital signature 
prevents tampering and allows the challenger to verify the signature. If 
the signature is verified, the challenger can then determine whether the 
identity metrics are trustworthy meets the limitation of "determining 
whether or not the participant's computing device is trustworthy" 
If so, the challenger, in this case the service provider, can then 
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deliver the content. It is important to note that the TCPA process does not 
make judgments regarding the integrity metrics. It merely reports the 
metrics and lets the challenger make the final decision regarding the 
trustworthiness of the remote platform.) 
13. As per claims 11-12.16. 29-33 the combination of Trusted 

Computing and England discloses a method as applied to claims 
above. Furthermore England discloses a method, in which the 
challenge is issued by a server [figure 2, ref. Num "220" or "Content 
Provider" ] with which the participants computing device [figure 2, 
ref. Num "200"/ Subscribers ] is in communication. [Figure 2] (Column 9, 
line 45-lines 51 and column 9, lines 65-column 10, lines 3; column 9, 
lines 27-29] (England, on Column 9, line 45-lines 51 and column 9, lines 
65-column 10, lines 3; column 9, lines 27-29 discloses the following 
which meets the above limitation. First on column 9, lines 45-lines 
51 the following has been disclosed. The content provider 220 
transmits a challenge message 4 to the DRMOS 205 asking for the identity 
of the CPU 201, the DRMOS 205, and the application 209 and this meets 
the limitation recited as "issuing a second challenge to the participant's 
computing device if the participant's computing device is determined to be 
trustworthy" because all subscribers shown on figure 2, ref. Num "200" 
provides some information to content providers shown on figure 2, ref. Num 
220, before they receive any challenge from the content providers that will 
qualify them to be trustworthy"; Furthermore The DRMOS 205 transmits a 
response message 5 containing a certificate 202 for the CPU 201, its own 
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identity 206, and the rights manager certificate 210 for the application 
209. Furthermore on column 9, lines 65-column 10, lines 3, the following 
has been disclosed. "The certificate 202 is signed using the private key of 
the CPU 201. The content provider 220 examines the CPU certificate 202, 
the DRMOS identity 206, and the properties specified in the rights 
manager certificate 210 to determine whether it should establish a trust 
relationship with the DRMOS 205 on the subscriber computer 200. " Note 
that as it is described on column 9, lines 27-29, certificate 210 identifies 
the trusted application. 

Furthermore the primary reference on the record namely Trusted 
Computing discloses a method, in which the challenge is issued by 
a server [figure 1, ref. Num "12"] with which the participants 
computing device figure 1, ref. Num "14-16] is in communication. 

figure 1, ref Num "18" and See also page 5, under the title "Remote 
Attestation, up to page 6, first paragraph] ("TCPA remote attestation 
allows an application (the "challenger") to trust a remote platform. 
This trust is built by obtaining integrity metrics for the remote platform, 
securely storing these metrics and then ensuring that the reporting of the 
metrics is secure. For example, before making content available to a 
subscriber, it is likely that a service provider will need to know that the 
remote platform is trustworthy. The service provider's platform (the 
"challenger") queries " the remote platform, meets the limitation "issuing a 
first challenge to a participant's computing device to determine 
whether the participant's computing device is trustworthy, " During 



Application/Control Number: 10/632,135 Page 12 

Art Unit: 2132 

system boot, the challenged platform creates a cryptographic hash of the 
system BIOS, using an algorithm to create a statistically unique identifier 
for the platform. The integrity metrics are then stored. When it receives the 
query from the challenger, the remote platform responds by digitally 
signing and then sending the integrity metrics. The digital signature 
prevents tampering and allows the challenger to verify the signature. If 
the signature is verified, the challenger can then determine whether the 
identity metrics are trustworthy meets the limitation of "determining 
whether or not the participant's computing device is trustworthy" 
If so, the challenger, in this case the service provider, can then 
deliver the content. It is important to note that the TCPA process does not 
make judgments regarding the integrity metrics. It merely reports the 
metrics and lets the challenger make the final decision regarding the 
trustworthiness of the remote platform.) 

Conclusion 

14. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. (See PTO-Form 892). 

a. U.S. Patent No. 6, 990,660 B2, Moshir et al discloses an 
automated method for at least attempting to update software in a system 
having a first target computer in a non-update state connected across a 
network to an update server in a pre-update state. 
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15. Applicant's amendment necessitated the new ground(s) of rejection 

presented in this Office action. Accordingly, THIS ACTION IS MADE 
FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of 
time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first 
reply is filed within TWO MONTHS of the mailing date of this final action 
and the advisory action is not mailed until after the end of the THREE- 
MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension 
fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date 
of the advisory action. In no event, however, will the statutory period for 
reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications 
from the examiner should be directed to Samson B Lemma whose 
telephone number is 571-272-3806. The examiner can normally be 
reached on Monday-Friday (8:00 am— 4: 30 pm). 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, BARRON JR GILBERTO can be reached on 571- 
272-3799. The fax phone number for the organization where this 
application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status 
information for published applications may be obtained from either 
Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more 
information about the PAIR system, see http://pair-direct.uspto.gov. 
Should you have questions on access to the Private PAIR system, contact 
the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



06/05/2008 
/Samson B Lemma/ 
Examiner, Art Unit 2132 

/Gilberto Barron Jr/ 

Supervisory Patent Examiner, Art Unit 2132 



